AMENDMENT TO THE CLAIMS 



1. (Currently Amended) A cryptographic method, including:

generating, at a first entity, a first public key M_B, the first public key M_B being session specific;

receiving from a second entity, at the first entity, a second public key M_A, the second public key M_A being session specific;

generating, at the first entity, a first secret S_B by hashing one or more parameters that are known to the first entity and the second entity, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, the first public key M_B, and the second public key M_A;

generating, at the first entity, a first session key K_B, the first session key K_B being different from the first secret S_B, both the first session key K_B and the first secret S_B being computed from the second public key M_A;

encrypting, at the first entity, a first random nonce N_B with the first session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting, at the first entity, the first encrypted result with the other one of the first session key K_B or the first secret S_B to obtain an encrypted random nonce;

transmitting the encrypted random nonce from the first entity to the second entity;

receiving a response to the encrypted random nonce; and

authenticating through determining whether the response includes a correct modification of the first random nonce N_B.

2. (Canceled)

3. (Previously Presented) The method of claim 1 wherein authenticating through determining whether the response includes a correct modification includes:

checking whether a received modification of the first random nonce N_B equals a modification of the first random nonce N_B applied by the first entity.
4. (Previously Presented) The method of claim 1 wherein said authenticating includes:

checking whether a received modification of the first random nonce less a modification thereof as applied thereto by the first entity equals the first random nonce.

5. (Previously Presented) The method of claim 1 wherein generating the first session key K_B includes:

generating a first random number R_B, and

computing the first session key K_B from the second public key M_A raised to the exponential power of the first random number R_B, modulo a parameter B_B.

6-7. (Canceled) 

8. (Previously Presented) The method of claim 1 wherein said generating the first secret S_B includes:

combining the second public key M_A and the first public key M_B with a first password P_B to produce a first result, and

hashing the first result with a secure hash.

9. (Original) The method of claim 8 wherein the secure hash is a one-way hash function. 

10. (Original) The method of claim 9 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.

11. (Previously Presented) The method of claim 1 wherein said generating the first secret S_B includes:

combining a first password P_B and at least one of the second public key M_A and the first public key M_B to generate a first combined result, and

combining the first combined result and at least one of the second public key M_A, the first password P_B, and the first public key M_B to generate a second combined result.



004860P2441    3    09/918,602



12. (Previously Presented) The method of claim 1 wherein the first random nonce N_B is encrypted using a symmetrical encryption algorithm.

13. (Original) The method of claim 12, wherein the symmetrical encryption algorithm is one 
of the Data Encryption Standard and the block cipher CAST. 

14. (Previously Presented) The method of claim 1 wherein encrypting the first random nonce N_B includes superencrypting the first random nonce N_B.

15. (Previously Presented) The method of claim 14, wherein superencrypting the first random nonce N_B includes:

encrypting the first random nonce N_B with the first secret S_B to produce the first encrypted result; and

encrypting the first encrypted result using the first session key K_B.

16. (Previously Presented) The method of claim 15 wherein said authenticating includes:

decrypting the response using the first session key K_B to generate a first decrypted result; and

decrypting the first decrypted result using the first secret S_B.

17. (Previously Presented) The method of claim 1, wherein the response includes a combination of a second random nonce N_A and a modification of the first random nonce; and wherein the method further includes:

extracting the second random nonce N_A from the response;

modifying the second random nonce N_A to obtain a modified second random nonce;

encrypting the modified second random nonce using the first session key K_B and the first secret S_B to obtain an encrypted package; and

transmitting the encrypted package from the first entity.
18. (Previously Presented) The method of claim 17 wherein said encrypting the modified second random nonce includes:

generating a string of random bits I_B;

encrypting a combination of the string of random bits I_B and the modified second random nonce using the first secret S_B to generate a first result; and

encrypting the first result using the first session key K_B.

19. (Previously Presented) The method of claim 17 wherein the encrypted package is transmitted for authentication of the first entity in opening a two-way communication channel.

20. (Currently Amended) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:

generating, at the first computer system, a first public key M_B, the first public key M_B being session specific;

receiving from a second computer system, at the first computer system, a second public key M_A, the second public key M_A being session specific;

generating, at the first computer system, a first secret S_B by hashing one or more parameters that are known to the first computer system and the second computer system, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, the first public key M_B, and the second public key M_A;

generating, at the first computer system, a first session key K_B, the first session key K_B being different from the first secret S_B, both the first session key K_B and the first secret S_B being computed from the second public key M_A;

encrypting, at the first computer system, a first random nonce N_B with the first session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting, at the first computer system, the first encrypted result with the other one of the first session key K_B or the first secret S_B to obtain an encrypted random nonce;

transmitting the encrypted random nonce from the first computer system to the second computer system; and

authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce N_B.

21. (Currently Amended) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a computer cryptographic method through a network, the method comprising:

generating at the first computer system a first public key M_B, the first public key M_B being session specific;

generating at the second computer system a second public key M_A, the second public key M_A being session specific;

receiving at the first computer system the second public key M_A;

generating, at the first computer system, a first secret S_B by hashing one or more parameters that are known to the first computer system and the second computer system, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, the first public key M_B, and the second public key M_A;

generating at the first computer system a session key K_B, the session key K_B being different from the first secret S_B, both the session key K_B and the first secret S_B being computed from the second public key M_A;

generating at the first computer system a first random nonce N_B;

encrypting at the first computer system the first random nonce N_B with the first session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting at the first computer system the first encrypted result with the other one of the first session key K_B or the first secret S_B to obtain an encrypted random nonce;

transmitting the encrypted random nonce and the first public key M_B from the first computer system to the second computer system to establish the session key at the second computer system;

receiving at the first computer system from the second computer system a response to the encrypted random nonce; and

authenticating the second computer system at the first computer system through determining whether the response includes a correct modification of the first random nonce N_B.

22. (Currently Amended) A computer system for performing a cryptographic method through a network, the computer system comprising:

a processor;

a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and

a storage device coupled to the processor, the storage device to store a user password corresponding to the user identification, and wherein the processor is to perform a method, including:

receiving a second public key M_A through the network interface from a second computer system, the second public key M_A being session specific;

generating, at the first computer system, a first secret S_B by hashing one or more parameters that are known to the first computer system and the second computer system, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, the first public key M_B, and the second public key M_A;

generating a first session key K_B, the session key K_B being different from the first secret S_B, both the session key K_B and the first secret S_B being computed from the second public key M_A;

generating a first public key M_B, the first public key M_B being session specific;

generating a first random nonce N_B;

encrypting the first random nonce N_B with the session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting the first encrypted result with the other one of the session key K_B or the first secret S_B to obtain an encrypted random nonce;

transmitting the encrypted random nonce and the first public key M_B through the network interface;

authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce.

23. (Previously Presented) The computer system of claim 22 wherein the network is a network operating according to a hypertext transfer protocol; and the first public key M_B is transmitted with the encrypted random nonce for session key exchange.

24. (Currently Amended) A cryptographic method, comprising:

receiving at a first entity a second public key M_A and an encrypted second random number from a second entity;

generating a first secret S_B by hashing one or more parameters that are known to the first entity and the second entity, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, a first public key M_B, and the second public key M_A;

generating a first session key K_B, the session key K_B being different from the first secret S_B, both the session key K_B and the first secret S_B being computed from the second public key M_A;

decrypting, using the first secret S_B and the first session key K_B, to retrieve a second random number N_A from the encrypted second random number;

modifying the second random number N_A to obtain a modified second random number;

encrypting the modified second random number with the first session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting the first encrypted result with the other one of the first session key K_B or the first secret S_B to obtain an encrypted random package; and

transmitting the encrypted random package from the first entity.
25. (Previously Presented) The method of claim 24, wherein said decrypting includes:

decrypting the encrypted second random number using the first session key K_B to generate the first decrypted result; and

decrypting the first decrypted result using at least a first password P_B and the second public key M_A.

26. (Previously Presented) The method of claim 24 wherein said generating the first session key K_B includes:

generating a first random number R_B, and

computing the first session key K_B from the second public key M_A raised to the exponential power of the first random number R_B, modulo a parameter B_B.

27-28. (Canceled) 

29. (Previously Presented) The method of claim 24 wherein said generating the first secret S_B includes:

combining the first public key M_B with the first password P_B to produce a first result, and

hashing the first result with a secure hash.

30. (Original) The method of claim 29 wherein the secure hash is a one-way hash function. 

31. (Original) The method of claim 30 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.

32. (Previously Presented) The method of claim 24 wherein said generating the first secret S_B includes:

combining the first password P_B and the first public key M_B to generate a first combined result, and

combining the first combined result and at least one of the second public key M_A, the first password P_B, and the first public key M_B to generate the first secret S_B.
33. (Previously Presented) The method of claim 24, wherein said encrypting the modified second random number includes superencrypting the modified second random number.

34. (Previously Presented) The method of claim 24, further including:

generating a first random number N_B; and

wherein said encrypting the modified second random number includes:

encrypting a combination of the first random number N_B and the modified second random number.

35. (Previously Presented) The method of claim 34 which further includes:

receiving at the first entity a response to the encrypted random package;

decrypting the response to obtain a combination of a string of random bits and a modified first random nonce; and

retrieving the modified first random nonce from the combination of the string of random bits and the modified first random nonce;

determining whether the modified first random nonce was correctly modified from the first random number N_B.

36. (Previously Presented) The method of claim 35 wherein said determining whether the 
modified first random nonce was correctly modified includes: 

checking whether the modified first random nonce equals a modification of the first 
random nonce as applied to the first random nonce by the first entity. 

37. (Previously Presented) The method of claim 35 wherein said determining whether the 
modified first random nonce was correctly modified includes: 

checking whether the modified first random nonce less a modification thereof as applied 
thereto by the first entity equals the first random nonce. 
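The exchange that claims 1-19 describe from the side of the entity that sends the encrypted nonce (B) and that claims 24-37 describe from the side of the entity that answers it (A), simulated end to end as an added Python example; this is not the applicant's code or any specification text from the filing. Assumptions, all mine: modular Diffie-Hellman over a constructed demo-sized prime (standing in for the modulus B_B of claims 5 and 26), SHA-256 as the one-way hash of claims 9 and 30, an HMAC-SHA256 counter-mode stream cipher with an integrity tag standing in for the DES/CAST block cipher of claim 13, the hash ordering H(M_A || M_B || P) on both sides so that their secrets agree, and "add one" as the agreed nonce modification of claim 4. The wrong-password path shows the failure mode a practitioner cares about: the inner layer keyed by S_B fails its tag and neither side authenticates.

```python
"""Password-assisted DH key exchange with superencrypted nonces (added example)."""
import hashlib
import hmac
import secrets

# Constructed demo group (assumption): 2**64 - 59 is prime. A deployment would
# use a standardised group (e.g. RFC 7919); this modulus plays the role of B_B.
P_MOD = 0xFFFFFFFFFFFFFFC5
G = 2
NONCE_LEN = 16          # byte length of N_A and N_B
RANDOM_BITS_LEN = 8     # byte length of the random-bit string I_B (claim 18)


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one 32-byte key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as the symmetric cipher's keystream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns cipher_nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    cipher_nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, cipher_nonce, len(plaintext))))
    tag = hmac.new(mac_key, cipher_nonce + body, hashlib.sha256).digest()
    return cipher_nonce + body + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then strip the keystream; raises on mismatch."""
    enc_key, mac_key = _subkeys(key)
    cipher_nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, cipher_nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, cipher_nonce, len(body))))


def session_key(peer_public: int, own_private: int) -> bytes:
    """Claims 5 and 26: K = M_peer ** R_own mod B_B, hashed down to a cipher key."""
    return hashlib.sha256(pow(peer_public, own_private, P_MOD).to_bytes(8, "big")).digest()


def shared_secret(m_a: int, m_b: int, password: bytes) -> bytes:
    """Claim 8: S = H(M_A || M_B || P). Fixed ordering on both sides is an assumption."""
    return hashlib.sha256(m_a.to_bytes(8, "big") + m_b.to_bytes(8, "big") + password).digest()


def superencrypt(k: bytes, s: bytes, data: bytes) -> bytes:
    """Claim 15 order: inner layer under the secret S, outer layer under the session key K."""
    return sym_encrypt(k, sym_encrypt(s, data))


def superdecrypt(k: bytes, s: bytes, blob: bytes) -> bytes:
    """Claim 16 order: peel the session-key layer first, then the secret layer."""
    return sym_decrypt(s, sym_decrypt(k, blob))


def modify(nonce: bytes) -> bytes:
    """The agreed modification (claim 4): add one, wrapping modulo 2**(8*NONCE_LEN)."""
    value = (int.from_bytes(nonce, "big") + 1) % (1 << (8 * NONCE_LEN))
    return value.to_bytes(NONCE_LEN, "big")


def run_protocol(password_b: bytes, password_a: bytes) -> dict:
    """Run both sides in-process; returns which side authenticated the other."""
    # Session-specific key pairs on both sides (claims 1 and 21).
    r_b, r_a = secrets.randbelow(P_MOD - 2) + 1, secrets.randbelow(P_MOD - 2) + 1
    m_b, m_a = pow(G, r_b, P_MOD), pow(G, r_a, P_MOD)

    # B: derive K_B and S_B, superencrypt N_B, send it with M_B (claims 1, 15, 21).
    k_b, s_b = session_key(m_a, r_b), shared_secret(m_a, m_b, password_b)
    n_b = secrets.token_bytes(NONCE_LEN)
    msg1 = superencrypt(k_b, s_b, n_b)

    # A: derive its own keys, recover N_B; a wrong password breaks the inner tag (claim 24).
    k_a, s_a = session_key(m_b, r_a), shared_secret(m_a, m_b, password_a)
    try:
        n_b_at_a = superdecrypt(k_a, s_a, msg1)
    except ValueError:
        return {"b_authenticated_a": False, "a_authenticated_b": False}
    n_a = secrets.token_bytes(NONCE_LEN)
    msg2 = superencrypt(k_a, s_a, modify(n_b_at_a) + n_a)      # claims 17 and 34

    # B: check the modification of N_B (claim 3), extract N_A, answer with I_B || N_A+1 (claim 18).
    plain2 = superdecrypt(k_b, s_b, msg2)
    if not hmac.compare_digest(plain2[:NONCE_LEN], modify(n_b)):
        return {"b_authenticated_a": False, "a_authenticated_b": False}
    i_b = secrets.token_bytes(RANDOM_BITS_LEN)
    msg3 = superencrypt(k_b, s_b, i_b + modify(plain2[NONCE_LEN:]))

    # A: strip the random bits and verify N_A+1 (claims 35 and 36).
    plain3 = superdecrypt(k_a, s_a, msg3)
    a_ok = hmac.compare_digest(plain3[-NONCE_LEN:], modify(n_a))
    return {"b_authenticated_a": True, "a_authenticated_b": a_ok}


if __name__ == "__main__":
    print("matching passwords:", run_protocol(b"correct horse", b"correct horse"))
    print("mismatched passwords:", run_protocol(b"correct horse", b"battery staple"))
```

The two-layer construction is what gives the password its role: the outer layer under K_B proves possession of the session-specific private exponent, while the inner layer under S_B fails on any password mismatch before the nonce is ever exposed, which is why the mismatched run returns no successful authentication on either side.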

38. (Currently Amended) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:

receiving at the first computer system a second public key M_A and an encrypted second random number from a second computer system;

generating a first secret S_B by hashing one or more parameters that are known to the first computer system and the second computer system, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, a first public key M_B, and the second public key M_A;

generating a first session key K_B, the session key K_B being different from the first secret S_B, both the session key K_B and the first secret S_B being computed from the second public key M_A;

decrypting, using the first secret S_B and the first session key K_B, to retrieve the second random number N_A from the encrypted second random number;

modifying the second random number N_A to obtain a modified second random number;

encrypting the modified second random number with the first session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting the first encrypted result with the other one of the first session key K_B or the first secret S_B to obtain an encrypted random package;

transmitting the encrypted random package from the first computer system for authentication.

39. (Currently Amended) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a cryptographic method through a network, the method including:

receiving, from the second computer system and at the first computer system, a second public key M_A and an encrypted second random number;

generating a first secret S_B by hashing one or more parameters that are known to the first computer system and the second computer system, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, a first public key M_B, and the second public key M_A;

generating a first session key K_B, the session key K_B being different from the first secret S_B, both the session key K_B and the first secret S_B being computed from the second public key M_A;

decrypting, using the first secret S_B, to retrieve a second random number N_A from the encrypted second random number;

modifying the second random number N_A to obtain a modified second random number;

encrypting the modified second random number with the first session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting the first encrypted result with the other one of the first session key K_B or the first secret S_B to obtain an encrypted random package;

transmitting the encrypted random package from the first computer system to the second computer system.

40. (Currently Amended) A computer system for performing a cryptographic method through a network, the computer system comprising:

a processor;

a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and

a storage device coupled to the processor, the storage device to store a user password associated with the user identification, and wherein the processor is to perform a method, including:

generating a first public key M_B;

receiving a second public key M_A and an encrypted second random number through the network interface from a second computer system;

generating a first secret S_B by hashing one or more parameters that are known to the first computer system and the second computer system, at least one of the parameters being a result of hashing equal to a sequence of hash functions applied to at least one or more of the following: a first password P_B, a first public key M_B, and the second public key M_A;

generating a first session key K_B, the session key K_B being different from the first secret S_B, both the session key K_B and the first secret S_B being computed from the second public key M_A;

decrypting, using the first secret S_B and the first session key K_B, to retrieve the second random number N_A from the encrypted second random number;

modifying the second random number N_A to obtain a modified second random number;

encrypting the modified second random number with the first session key K_B or the first secret S_B to obtain a first encrypted result;

encrypting the first encrypted result with the other one of the first session key K_B or the first secret S_B to obtain an encrypted random package;

transmitting the encrypted random package through the network interface.



41. (Previously Presented) The computer system of claim 40 wherein the network is a network operating according to a hypertext transfer protocol; and the first public key M_B is transmitted for session key exchange before the encrypted second random number is received.